Vulnerabilities > Contest Gallery

DATE CVE VULNERABILITY TITLE RISK
2022-12-26 CVE-2022-4165 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4166 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php.
network
low complexity
contest-gallery
6.5
2022-12-06 CVE-2022-45848 Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery
Unauth.
network
low complexity
contest-gallery CWE-79
6.1
2022-08-23 CVE-2022-36394 SQL Injection vulnerability in Contest-Gallery Contest Gallery
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
network
low complexity
contest-gallery CWE-89
8.8
2022-04-18 CVE-2022-27853 Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
network
low complexity
contest-gallery CWE-79
4.8
2021-11-29 CVE-2021-24915 SQL Injection vulnerability in Contest Gallery Contest Gallery
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address
network
low complexity
contest-gallery CWE-89
critical
9.8
2019-07-05 CVE-2019-5974 Cross-Site Request Forgery (CSRF) vulnerability in Contest-Gallery Contest Gallery
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
contest-gallery CWE-352
8.8